Black Box: Goofy voting machine news of the day

1. Diebold is selling its new TSx touch screen system. Ohio has three finalists, and Diebold, with the new TSx, is one of them. Problem is: THIS SYSTEM HAS NEVER BEEN CERTIFIED! Diebold says it hopes it will get certified in four or five weeks. The counties must buy the machines in four weeks.

More on this: Gee, is it true then, that the system the Hopkins scientists studied was old and out of date? Well, consider this: One of the folders on the infamous FTP site was -- you guessed it -- labeled "final certification" documents for the TSx system. In these documents is the very interesting statement under "change log" -- they said they did not need to submit a change log because it is based on a previous submission. So...were there changes or weren't there? In fact, have they ever produced a lick of evidence that they changed a goll-durn thing to remedy the flaws found in the Hopkins report?

2. Diebold is getting away from plugging in a modem to transmit results from precincts into the GEMS system at the county. Do we feel better now? Nope -- they are switching to WIRELESS transmission. Have they answered one single question about whether this can be hacked? (Understand the implications of hacking during transmission of the vote to the county: You can overwrite the ORIGINAL VOTES in the precinct this way, destroying the value of the memory card as a backup system).

Well yes, they did answer a question about being hacked. They basically admitted that it could happen. No worry, says Diebold spokesman -- hackers wouldn't get the official results, only the unofficial results. It takes several days to make the results official, he says. And to make them official they do what -- look at the memory card (which can be hacked) and/or the GEMS database (which can be hacked). (In fact a hacker could hit both at the same time, during the upload). I feel secure now.

3. Ohio delays decision to pick voting machine vendor, until -- you guessed it -- defense contractor SAIC looks over Diebold and gives them a clean bill of health. How the SAIC can be in a position to do this is beyond me -- they have not one, not two, but THREE ties to the electronic voting indusry: 1) Built voting machines for Diversified Dynamics 2) Marketed electronic voter registration system and 3) Two former directors of SAIC are now directors of VoteHere, a voting machine company.

4. Yes, and you'll be delighted to know that Georgia not only lost some of its memory cards (containing thousands of votes) in the 2002 election, but now it can't find its certification documents. That's right folks, Georgia doesn't seem to be able to locate the certification letter for the Diebold machines. Wait -- new answer -- they just announced they are not sure what is meant by "certification" documents.

Can these people get any more arrogant? There are links to the above at http://www.blackboxvoting.org.

BONUS NEWS BYTE

5. Where's Bob? Well once there were two brothers named Bob and Todd. They started a company -- voting machine, company, that is. Then Bob went down to Texas, and got in charge of another company -- voting machine, company, that is. Bob and Todd and Diebold and ES&S, soon had eighty percent of America voting on their machines.

But now where's Bob? Haven't heard hide nor hair of him. He always comes into news interviews as the President of Diebold Election Systems, but as of the end of July, it seems someone else is using that title. Meet Tom Swidarski, President of Diebold Election Systems. Not a peep anywhere in the news media about where Bob is. Bob? Oh Bobbbb! What happened to Bob Urosevich?


Bev Harris

as available now, are not to be entrusted with sensative data. It is trivial for a knowledgeable hacker to take them apart. Once cracked, the ability to exploit is then bi-directional. You have already documented that there is an "in door" on these machines.

Quite frankly, the only secure method to network these things would be on leased fractional T-1 lines. I would bet they know that, except for the fact that they have bet the farm on these machines and they have to get the cost of operation down so they can start selling them in volume, thus getting their manufacturing costs down through economies of scale, and start making real profit.

Non-computer literate poll workers can see when the land line modem is plugged in. They can feel good about keeping it unplugged while the election is going on. That is still a problem in that someone who hacks the router box can get at the vote data while it's transmitted.

But now, let's go wireless: Who will ever know whether it is "live" while the election is in process? And that is very, VERY dangerous -- it would allow a hacker to overwrite votes before they are ever transmitted, leaving no trail at all.

Bev

"But now, let's go wireless: Who will ever know whether it is "live" while the election is in process? And that is very, VERY dangerous -- it would allow a hacker to overwrite votes before they are ever transmitted, leaving no trail at all."

It would be possible to check and see if a machine is "wireless-alive" with a handheld frequency unit that reads in the range of the frequency range ofthe wireless schema they are using.

But that is not exactly trivial, for a number of reasons:

The frequency counters that read in those ranges ain't cheap no way.

Full and effective coverage of all precincts in a small city, at all times, in a small city would not be trivial.

The wireless unit could be turned off when the poll worker with the frequency counter is there soing the readings. When he/she leaves, to go to another precinct, you could turn the thing back on.

The noted and capable hacker, Kevin Mitnick, once said that his most effective hacking tool was "Human Engineering", I.E.: conning people into giving him the information and access that he wanted.

This whole wireless thing could be easily manipulated with Human Engineering. A con or several.

Wireless for elections? A baaaaaad idea. Very bad.

and the frequencies are already known. All you have to do is transmit on the frequency and jam everything, then put your own transmitter closer to the receiver and spoof the IP.

FM "capture ratio".

Are not the type who would be concerned about the cost of the tools necessary to accomplish this.

you have to run via a secure VPN, something you can be they aren't going to do.

This isn't sickening, really. You've got a LOT of good stuff here! Is now the right time to get all this out to the press?

Hey, I must be cool. Got interviewed by Rolling Stone magazine today.

I continue to be surprised by the number of skeptics here who question what you're doing. It's valuable work, though, and your analysis is slowing sinking in. Notwithstanding your comments about SAIC, the reality is, at least for the moment, that the states are raising questions and slowing down the process. This buys you more time for media coverage, more analysis.

Keep up the good work.

Seems it would depend on how much research/corroboration they have to do on their own.

Rolling Stone - that is cool. :bounce:

on edit: I see you changed your thread headline from "Sickening" to "Goofy". Yeah, that's better...

One that I interviewed for last week is coming out Monday or Tuesday, I hear. It's fairly big, but I don't know if the writer is doing damage control or a real news article. Will wait and see on that.

Good news: A few bona fide investigative reporters seem to have the guts to do this thing. Julie Smythe (Smyth?) of the Cleveland Plain Dealer has done three tough-minded articles in a row, and she busted out on the Diebold political connections AND broke the story about the new uncertified TSx system.

Erika D. Smith of the Akron Beacon Journal (right in Diebold's back yard) did two articles today -- http://www.ohio.com/mld/beaconjournal/6538203.htm
and
http://www.ohio.com/mld/beaconjournal/6538170.htm
and she was the one that asked the tough follow up questions that elicited the stupid answer to the "can they be hacked" question.

Brigid Schulte of the Washington Post is doing great too.

And Wired News is superb -- busted out with that story about the second Diebold FTP site getting hacked.

Inch by inch, drip by drip folks. It's only been five weeks since we popped that little bit into Scoop -- and speaking of great investigative and gutsy work: Let's hear it for Alastair of Scoop!

Bev

All FEMALE reporters! More power to 'em! :)

A big THANK YOU to Alastair at Scoop NZ. Brave people all. I am constantly seeing new articles on this. I believe it's going really well. I was so afraid it would get buried. I am excited at the coverage it's getting, and this is really early on. Have you had any more threats Bev? I hope that has ended.

this just keeps getting deeper, doesn't it?

Still, in the past month I've heard more in the mainstream about voting machines than I've heard all year!

:toast:

Scoop Media released a link to the Diebold files.

How might I obtain that archive?

After the CE Remote Updater has completed its update, the automation program closes the connection to the corporate intranet and hangs up. The automation application is now updated with the latest software patches and sales data for the day.

CE Remote Updater is comprised of several COM objects that provide the base functionality of updating. Using COM allows CE Remote Updater to be easily incorporated into C++ and Visual Basic applications. COM also allows the components of CE Remote Updater to be updated themselves independently of any application that uses them, as well as allow CE Remote Updater to be shared by multiple applications without increasing the footprint of any one application.

---

But it's nothing to worry about. The GEMS computer doesn't run WindowsCE - just the ones storing your votes!

This is a widely available little add-on to WindowsCE, created by BSquare Corporation.

http://www.blackboxvoting.org/pdf/CERemoteUpdater.pdf

if Ohio buys the machines from them? I posted this the other day, but it dropped pretty fast.
http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1060507915313300.xml

Oh, well, the site is down because of the outage. Basically it was a you buy our machines, we will build them in your state thing.

This made my day!

Are any of you familar with the progressive think tank, The Commonweal Institute?
http://www.commonwealinstitute.org/index.html

This is in their current newsletter:

Presentation on Electronic Voting Machines -- On August 7, Co-founder Katherine Forrest gave a presentation on the hazards of Electronic Voting Machines to the Wellstone Democratic Renewal Club in Emeryville, CA. Emeryville is located in Alameda County, which uses the Diebold voting equipment that has received so much bad press recently. Following the presentation, the Club passed a resolution to demand modification of the voting machine equipment to provide a voter verifiable audit trail (VVAT), to encourage absentee voting in all elections until VVAT is in place, and to declare their support for a bill now in Congress (HR 2239) that would require VVAT in all systems used for national elections.

Dr. Forrest and other Commonweal Institute speakers are available for speaking engagements on the topic of Electronic Voting Machines in the San Francisco Bay area. To request a speaker for your organization or media broadcast, please call 650-XXX-XXXX.

Dr. Forrest's bio is available here:
http://www.commonwealinstitute.org/about_us.htm

BIG SMILE here! :)

Nice catch!

What response I've received from my reps has been positive so far... at least, they seem to be concerned, and investigating the issue further, as opposed to just saying they are 'confident'

the unopposed strategy of going to SAIC will tailor a quick clean bill timed to slip in ALL the future sales under the gun and thereby stonewall and delay ALL other critics and run through to Nov. 2004 on pure inertia?

As long as computer experts simply do an honest and spontaneous(that is, non-strategic)review of the exposed files and every other investigation is muted, slow, haphazard, can they be stopped?

Your critiques are valid. Your voice is in the muted background. No one hardly gives you credit for psuhing the stink under the noses of the now famous University experts. I still see Diebold squirming through this unless critical mass is reached in revelation, scnadal and public awareness. Lord knows the "officials" seem impotent or starstruck in a Greek tragedy.

These are facts, not theories, that are stll pushing uphill. Are we breaking through in time?

I don't want to ask if more is forthcoming. Just keep giving us ways to pile it on, to chip away. I think with the blackout I can generate some immediate attention with a local editorial that otherwise would be skimmed over.

I just smacked around a couple of the leading experts tonight on this.

You see, these guys could join in some real momentum if they would cooperate instead of compete. I have made contact with some leading hacker groups (different set of skills from the academics, and they should admit it, and welcome these guys, and work cooperatively with them, instead of dithering around trying to reinvent the wheel). I also made contact with some strong Windows developers, and the academics don't have those skills either, and badly need to interface with these guys (and women).

If we had all four groups working even halfway cooperatively (academics, activists, hackers and Windows professionals) we'd have this thing very nearly won.

If we can't achieve that, we'll probably get steamrolled.

Damn the egos.

Bev Harris
http://www.blackboxvoting.org

Because of crappy security on wireless, it is not that hard for someone to sit in their car near an election booth and sniff the transmission. Added to Diebold's crappy encryption scheme that does not prohibit man in the middle attacks, you can redirect the stream to your PC instead of the GEMS server.

.....the Bad news, we can't hit the preferred time frame due to a number of circumstances beyond my control! :(
The Good news is we should be in a position to hit the same news cycle that SAIC declares the machines 'safe' for use in elections! :evilgrin:
We have 'THE' software, and are assembling 'THE' hardware (minus the enclosures) as I type this.
I guess they forgot that the hardware specs were left on the server along with the software. That's one excuse we're determined to deny them of. :)
We know what and who we're up against and needed time to make sure adaquate information and backup is in place should something go wrong. :(
I'll be in touch soon but not sure how just yet as my e-mail started to 'wander' after your last missive. My 'packet sniffer' told me where but I'm not going to say just yet. You are pissing off the right people!
One thing that would help us is a link to the list of the 900 or so computer experts that have come out against the use of these machines without a human readable audit trail. We see the need to circulate and bolster that list as much as possible and ASAP!

Thanks Bev and DemActivist!
Keep up the good work!

Oh! Here's Bob!

link to the list of the 900 or so computer experts that have come out against the use of these machines without a human readable audit trail.

Paranoid,

That list is on Verified Voting's web site:

http://www.verifiedvoting.org/endorsers.asp?catid=1

(for those who missed it, a second Diebold FTP site was compromised and it contained a bunch of memos, in which they apparently referred to me as "Paranoid Bev" and "the Black Box problem" -- thus, I feel such kinship with Paranoid Pat. We must be related.) Anyway, about the wandering e-mail:

Yup. One of our people got an unmistakable transmission that the email is being monitored. Wrote me, said there was a "situation" with the email, and immediately afterward was sent a message that basically said "look, we have been reading your emails."

Thanks, and best of luck to the Black Box team. You know who you are. All of you!

Bev

... but verify _who_ says emails are being read. I believe it's a federal crime to hack into email that is not in the public domain (i.e., public officials), and I have a lawyer friend who can substantiate that. At the very least, it's a clear invasion of privacy.

Cheers.

Please check out my message in the lounge.

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=105&topic_id=102786

you are awesome
awesome

any way to help, please just call out

keep on!

i say humbly, bowing

:kick:

i was just reading a sie about "the brotherhood" in arlingon virginia, very tied in with top-dog politicos (meese, keating,reagan, etc), and its leaders believe that democracy is a "prideful" thing that keeps us away from jebus....

and something jumped out at me...

one of the people they are associated with is Jerome A. Lewis, former CEO of Petro-Lewis Corp.

this might be a long shot, but the anti-democratic stance of the group along with the name just made me think...maybe...if someone knows how to investigate such things...

anyway, the article is at
http://www.harpers.org/online/jesus_plus_nothing/jesus_plus_nothing.php3?pg=1 if anyone is interested. very very scary.

Yes, Lewis is a common name. He does say that he worked for a petrochemical company. Yes, a very long shot, but some of those do pan out. Thanks for the tip!

Bev

i posted to you about this once before, but i dont know if you saw it...

I was reading thru some of the "memos" or notes or something between diebold employees, and caught a line about "...most of this was cribbed from WINE" , referring to some code that they had to write because microsoft would not include it in windows.

Now, as you probably know, WINE is a "windows emulator" that is open source and published under the copyleft that so much of linux is published under.

My question is, would the open-source community be interested in pursuing this, maybe suing to get the entire code open-sourced?

There is a provision in a version of Wine that allows this type of commercial usage. The problem is that they didn't disclose it in certification.

Bev

... and I could not find any definitive link between R. Doug Lewis and Jerome Lewis, nor between Petro-Lewis and our Doug Lewis. Doesn't mean it doesn't exist, just means it's not available in the public record.

BTW, the Jesus Plus Nothing article is quite good--should have gotten a lot of people stirred up, but it didn't.

Scary but fascinating! Thank you. Bev.

I got an email from a local Dem (non-DUer) quoting Bev and the dangers of this. The word is spreading!

http://www.sltrib.com/2003/aug/08152003/nation_w/84120.asp

quoting David Dill, and Avi Rubin too.

:bounce:

a couple more Friday links:

http://www.theolympian.com/home/news/20030815/frontpage/76131.shtml

http://www.bayarea.com/mld/cctimes/news/special_packages/davis_recall/6538690.htm

your .org site and change the text for the book release. Might encourage potential buyers.

W_A_M

but I am unable to control the wild telephone -- media calls nonstop, and being as I'm a publicist by trade, I just can't stop my hand from picking up. I'm having to reroute my media calls to my publisher so he can handle PR. How ironic is this, a publicist who can't handle her own publicity.

The problem that's really getting in the way is a good problem to have -- every time I get interviewed they are taking an average of an hour and a half. They are really going in depth. There is definitely more to come, folks.

Yes, we need to change that book date, and fortunately, my publisher has lined up a short run procedure (quick printing, almost immediate turnaround as opposed to the usual many-week wait).

Bev

in this article today

Recall delays County voting system fixes

San Mateo County will not be able to purchase the new Diebold machines in until 2006. Also San Bernardino has to wait until next year before installing new machines.

Warren Slocum, San Mateo's the County's chief elections officer is an outspoken critic of touch-screen voting machines.

"My view is that voters should verify their votes before they leave the polling place. The paper ballot should be the official ballot, not the electronic copies," he said. Slocum believes electronic voting machines present too many opportunities for mistakes.

Kim Alexander, president of the nonprofit California Voter Foundation and member of California Secretary of State Kevin Shelley's Touchscreen Voting Task Force, echoes Slocum's concerns. She has been working to get a state regulation passed that would require all forms of electronic voting machines to have a paper record that a voter can verify.

Lots more in the article about California. There is also this interesting item:

Since there are no voting machines on the market that inspire Slocum's confidence, he decided to design his own. Based on Slocum's ideas, a representative from the County's voting machine vendor, Omaha, Neb.-based Election Systems & Software, has come up with a prototype for a new voting machine that the company currently is trying to get certified by the federal government.

and a friendly pinch on the cheek.

.....seems a lot like Avante's for some reason....

Kick!

So:

:kick:

Eloriel

:kick:

Our votes must count- as we intended!